CVE-2011-4944: Race Condition
First published: Wed Nov 30 2011(Updated: )
It was reported [1] that distutils would create ~/.pypirc insecurely. There is a race from the time the user's username and password is written to the file to when it is chmod'd with appropriate permissions. Typically, a user's home directory will be created with default 0700 permissions which would not allow for a local attacker to obtain access to this file during the race window, however if a user were to make their home directory 0755 they could be susceptible to this race. One solution would be to use tempfile.mkstemp() to create the file and then move it in place. [1] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/python2.7 | 2.7.18-8+deb11u1 | |
| Python 2.7 | =2.6.1 | |
| Python 2.7 | =2.6.2 | |
| Python 2.7 | =2.6.3 | |
| Python 2.7 | =2.6.4 | |
| Python 2.7 | =2.6.5 | |
| Python 2.7 | =2.6.6 | |
| Python 2.7 | =2.6.7 | |
| Python 2.7 | =2.6.8 | |
| Python 2.7 | =2.6.2150 | |
| Python 2.7 | =2.6.6150 | |
| Python 2.7 | =2.7.1 | |
| Python 2.7 | =2.7.1-rc1 | |
| Python 2.7 | =2.7.2-rc1 | |
| Python 2.7 | =2.7.3 | |
| Python 2.7 | =2.7.1150 | |
| Python 2.7 | =2.7.1150 | |
| Python 2.7 | =2.7.2150 | |
| Python 2.7 | =3.0 | |
| Python 2.7 | =3.0.1 | |
| Python 2.7 | =3.1 | |
| Python 2.7 | =3.1.1 | |
| Python 2.7 | =3.1.2 | |
| Python 2.7 | =3.1.3 | |
| Python 2.7 | =3.1.4 | |
| Python 2.7 | =3.1.5 | |
| Python 2.7 | =3.1.2150 | |
| Python 2.7 | =3.2 | |
| Python 2.7 | =3.2-alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2012/03/27/10
- http://www.openwall.com/lists/oss-security/2012/03/27/2
- https://bugzilla.redhat.com/show_bug.cgi?id=758905
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555
- http://bugs.python.org/issue13512
- http://bugs.python.org/file23824/pypirc-secure.diff
- http://www.openwall.com/lists/oss-security/2012/03/27/5
- http://www.ubuntu.com/usn/USN-1596-1
- http://www.ubuntu.com/usn/USN-1613-2
- http://www.ubuntu.com/usn/USN-1613-1
- http://www.ubuntu.com/usn/USN-1592-1
- http://www.ubuntu.com/usn/USN-1615-1
- http://secunia.com/advisories/51089
- http://secunia.com/advisories/51040
- http://secunia.com/advisories/50858
- http://www.ubuntu.com/usn/USN-1616-1
- http://secunia.com/advisories/51087
- http://secunia.com/advisories/51024
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://launchpad.net/bugs/cve/CVE-2011-4944
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=573152&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=573152&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808303
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808304
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=808305
- https://rhn.redhat.com/errata/RHSA-2012-0744.html
- https://rhn.redhat.com/errata/RHSA-2012-0745.html
- https://security-tracker.debian.org/tracker/CVE-2011-4944
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
- https://nvd.nist.gov/vuln/detail/CVE-2011-4944
- https://ubuntu.com/security/CVE-2011-4944
Frequently Asked Questions
What is the severity of CVE-2011-4944?
CVE-2011-4944 is considered a moderate severity vulnerability due to the potential for unauthorized access to sensitive information.
How do I fix CVE-2011-4944?
To fix CVE-2011-4944, upgrade to a more secure version of Python that addresses this vulnerability, such as Python 2.7.18 or later.
What types of software are affected by CVE-2011-4944?
CVE-2011-4944 affects several versions of Python, including 2.6.x, 2.7.x, and 3.0.x to 3.1.x.
What is the nature of the vulnerability in CVE-2011-4944?
CVE-2011-4944 is a race condition vulnerability that allows for insecure handling of user credentials in the ~/.pypirc file.
Is there a workaround for CVE-2011-4944?
A temporary workaround for CVE-2011-4944 is to manually manage the permissions of the ~/.pypirc file to ensure it is private until an upgrade can be performed.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4944
- agent/remedy
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/python
- canonical/python 2.7
- version/python 2.7/2.6.1
- version/python 2.7/2.6.2
- version/python 2.7/2.6.3
- version/python 2.7/2.6.4
- version/python 2.7/2.6.5
- version/python 2.7/2.6.6
- version/python 2.7/2.6.7
- version/python 2.7/2.6.8
- version/python 2.7/2.6.2150
- version/python 2.7/2.6.6150
- version/python 2.7/2.7.1
- version/python 2.7/2.7.1-rc1
- version/python 2.7/2.7.2-rc1
- version/python 2.7/2.7.3
- version/python 2.7/2.7.1150
- version/python 2.7/2.7.2150
- version/python 2.7/3.0
- version/python 2.7/3.0.1
- version/python 2.7/3.1
- version/python 2.7/3.1.1
- version/python 2.7/3.1.2
- version/python 2.7/3.1.3
- version/python 2.7/3.1.4
- version/python 2.7/3.1.5
- version/python 2.7/3.1.2150
- version/python 2.7/3.2
- version/python 2.7/3.2-alpha